"Until we complete that process we aren't in a position to get into any more details."

The data involved in the breach is believed to include driver's licences, however it is unclear whether any Australians had their licences "downloaded" during the hack.

"Incidents such as this are a timely reminder to Australians of the value of the personal information we provide in order to receive products and services," Australia's privacy commissioner Pilgrim said.

"It is also a timely reminder to Australian businesses and agencies of the reputational value of good privacy practice, and the reputational risks that can follow mishandling of personal data.

"I also remind organisations that the commencement of the Notifiable Data Breaches Scheme in February 2018 will require them to notify any individuals likely to be at risk of serious harm due to a data breach. Failure to do so could lead to the imposition of penalties provided for in the Privacy Act."